Scriptsafe new update after 2 years!

[antreas]

The developer update it after 2 years of inactivity and its better than ever!

v1.0.6.x - "We Feel Safe in a Dangerous Place"

v1.0.6.19 - Thursday, May 26, 2016
- added WebRTC Protection - requires Chrome v48 or newer ("Protect Local IP" by default; visit Options page for additional choices)
- overall code and performance optimization
- updated unwanted content providers and antisocial lists
- updated jQuery to latest version (2.2.4)
- updated browsers and operating systems (for the User-Agent Spoofing option)
- moved project to Github and updated the links within ScriptSafe accordingly

Chrome store

 

[_CyberGhosT_]

Nice post antreas..
Gave up on this product some time back, it's nice to see it reemerge.
Thanks for sharing this.
PeAcE

 

[Myriad]

The developer update it after 2 years of inactivity and its better than ever!

v1.0.6.x - "We Feel Safe in a Dangerous Place"

v1.0.6.19 - Thursday, May 26, 2016
- added WebRTC Protection - requires Chrome v48 or newer ("Protect Local IP" by default; visit Options page for additional choices)
- overall code and performance optimization
- updated unwanted content providers and antisocial lists
- updated jQuery to latest version (2.2.4)
- updated browsers and operating systems (for the User-Agent Spoofing option)
- moved project to Github and updated the links within ScriptSafe accordingly

Chrome store

That's good news .... thanks for posting .
I always liked it for Chrome and derivatives .... and I'm a HUGE fan of NoScript for the FF family
.... couldn't imagine life without that !

" User-Agent Spoofing option " .... what's not to like ? .... it just gets better !

 

[antreas]

Nice about 1000 new downloads in few hours

 

[antreas]

Bump for today.

 

[Petrovic]

v1.0.7.0:

• IMPORTANT - due to the number of changes, it is recommended you restart Chrome, otherwise you might run into issues with the tooltip for existing tabs
• significant performance improvements from a major overhaul of the core domain matching logic and other tweaks throughout ScriptSafe
• domain whitelisting/blacklisting now supports basic regex: entire domain, wildcard, and single character matching (more info in Options page - you may want to revisit your whitelist/blacklist and revise accordingly)
• added IPv6 address whitelist/blacklist support (e.g. [2001:4860:0:2001::68] - must contain square brackets)
• added a check and notification in the Options page if WebRTC Protection isn't supported by the current Chrome version
• allowed XMLHTTPREQUEST items are now listed in the ScriptSafe dialog to allow for blacklisting
• added option to control all XMLHTTPREQUEST items
• reduced pre-specified whitelist to just "*.googlevideo.com" (for basic YouTube support). Rationale: it should not be up to anyone to predefine what is "acceptable" to load. With the update to the domain matching logic, matching is now more reliable.
• updated sync notifications to use the new chrome.notifications API
• updated unwanted content providers and antisocial lists
• updated core logic so that if there are any whitelist/blacklist conflicts, the whitelist is applied first
• FYI - info on new "Privacy" permission required starting from v1.0.6.19 (tl;dr - it's harmless and ScriptSafe is safe)
• if you run into any issues, please create an issue in Github. This release is completely synced up to Github so the latest source code is available for review.

ScriptSafe

 

[antreas]

• v1.0.7.1:
  • IMPORTANT - due to the number of changes, I recommend that you restart Chrome AND also review your whitelist/blacklist (particularly trusted/distrusted domains)
  • v1.0.7.1 - optimized ScriptSafe panel performance, fixed one-time whitelist/blacklist update (for trusted/distrusted domains), and also from this version onwards ScriptSafe will notify you it will wait for a browser restart in order to auto-update

 

[antreas]

v1.0.7.14 - Monday, June 20, 2016
- Added a new Fingerprinting Protection section with 8 new options (disabled by default):
--- Canvas Fingerprint Protection - protect against fingerprinting attempts through <canvas> elements, with the following options:
------ Disabled
------ Blank Readout (serve an empty canvas with the original dimensions)
------ Random Readout (serve an empty canvas with random dimensions)
------ Completely Block Readout (refuse to serve any data)
--- Block Audio Fingerprinting - prevent fingerprinting via the AudioContext API
--- Block WebGL Fingerprinting - prevent fingerprinting via the WebGL API
--- Block Battery Fingerprinting - prevent fingerprinting via the Battery API
--- Block Device Enumeration - prevent having hardware devices detected via the WebRTC API
--- Block Gamepad Enumeration - prevent having hardware devices detected via the Gamepad API
--- Block Canvas Font Access - prevent system fonts from being enumerated through <canvas> elements
--- Reduce Keyboard Fingerprinting (for advanced users) - make keypress timings more random to increase anonymity (note: adds a random delay between keypresses))
--- I recommend enabling all of the above options (except the last) for increased privacy, and based on your needs disable the options that interfere with your usage.
- Added new option: "Prevent Clipboard Interference" (under "Behavior Settings") - prevent pages from interfering with clipboard actions (disabled by default)
- Updated unwanted content providers list

 

[antreas]

I spent the last two weeks focusing on bringing Fingerprinting Protection to ScriptSafe. If you haven't noticed, the Options page now has a new Fingerprinting Protection section with not one, not two, not three, but nine brand-new options!

In addition, two new options have been added to remove URL-based tracking, as well as an option to spoof your browser's timezone (handy for VPN users).

As you have probably noticed already, the look of this page has changed! But wait, there's more! Check out the Options page

Still on my list: 1) translate ScriptSafe into multiple languages; and 2) improve design and appearance.

Much love to all who helped report issues and tested the beta versions of this release, as well as to everyone for inspiring me and sharing ideas on how to make ScriptSafe better for everyone.

In this release you will find the following updates:

• v1.0.8.0:
  • Revamped the design of this page and the Options page: wider layout, larger/more readable words, and intuitive buttons. On the new Options page you are able to toggle between Grouped and List views by clicking on the button in the top-right corner.
  • Added a new Fingerprinting Protection section with the following options (all disabled by default):
    • Canvas Fingerprint Protection - protect against fingerprinting attempts through <canvas> elements, with the following options:
      • Disabled
      • Blank Readout (serve an empty canvas with the original dimensions)
      • Random Readout (serve an empty canvas with random dimensions)
      • Completely Block Readout (refuse to serve any data)
    • Block Audio Fingerprinting - prevent fingerprinting via the AudioContext API
    • Block WebGL Fingerprinting - prevent fingerprinting via the WebGL API
    • Block Battery Fingerprinting - prevent fingerprinting via the Battery API
    • Block Device Enumeration - prevent having hardware devices detected via the WebRTC API
    • Block Gamepad Enumeration - prevent having hardware devices detected via the Gamepad API
    • Block Canvas Font Access - prevent system fonts from being enumerated through <canvas> elements
    • Block Client Rectangles Fingerprinting - prevent fingerprinting through calculating element client rectangles)
    • Reduce Keyboard Fingerprinting (for advanced users) - make keypress timings more random to increase anonymity (note: adds a random delay between keypresses))
    • I recommend enabling all of the above options (except the last two) for increased privacy, and based on your needs disable the options that interfere with your usage.
  • Added Remove Google Analytics (UTM) Tracking option (under Privacy Settings) - remove Google Analytics (UTM) tracking tokens before they're actually passed to the server (disabled by default)
  • Added Remove Possible Hash Tracking option (under Privacy Settings) - remove possible tracking tokens passed using hash, where there is an attribute and value (e.g. #xtor=RSS-1) (disabled by default)
  • Added Spoof Timezone option (under Privacy Settings) - spoof or randomize your timezone; useful if you use VPN (disabled by default)
  • Added Prevent Clipboard Interference option (under Behavior Settings) - prevent pages from interfering with clipboard actions (disabled by default)
  • Added option to apply user-agent spoofing on whitelisted domains as well (default behaviour is to disable spoofing on whitelisted domains to avoid issues, but enabling this option will spoof the user-agent regardless)
  • Added Save as Text File functionality to the Export Settings portion in the Options page
  • Fix Panel expand issue for Mac OS X users
  • Updated unwanted content providers list
  • Created a beta testing signup form. If you sign up to become a beta tester, you will be emailed when there is a new version ready to be tested before being pushed to the Chrome Web Store. Sign up to be a beta tester!
  • I now have a Bitcoin address due to inquiries from people wary of PayPal but wanted to still donate!
    • 39VJ5L9Yd6WocG6r88uE7ZZnM5J2M5bW92
      (also found at the top of this and the Options page)

I have put together some documentation for ScriptSafe, including "Getting Started" instructions.

If you run into any issues, please create an issue in Github.

I am quite active on Twitter, so if you don't mind the occasional cat tweet, you are free to follow me: @andryou.

Thank you,
-Andrew

 

[antreas]

Updated to v1.0.9.0!
Happy new year! I hope 2017 is off to a great start for you.

This update brings several improvements, a redesign of the ScriptSafe panel to better accommodate all languages and long domain names, as well as Spanish translation. On the topic of language: I will start working on providing users the ability to control the interface language.

I want to take this opportunity to recommend an excellent Chrome extension by EFF (Electronic Frontier Foundation) which automatically blocks ads and trackers using heuristics, which you can use alongside ScriptSafe: Privacy Badger.

In this release you will find the following updates:

• v1.0.9.0:
  • Several improvements have been made to the ScriptSafe panel:
    • Changed to a one-column layout to better accommodate all languages and long domain names
    • Fixed scrollbar issue where it would sometimes not scroll unless the bar itself was dragged
    • Allows users to open several domains' ratings without having to reopen the panel each time
    • Resolved issue with unscrollable long lists in other Chrome-based browsers
    • Improved ability to access the Options, Refresh, Close buttons
    • Domain control buttons are now all consistently displayed
  • Added the ability to Block WebVR Enumeration (under Fingerprint Protection, option is disabled by default so feel free to enable it)
  • Added ScriptSafe options to the right-click context menu (useful for popup windows with no controls)
  • Fixed uncleared icon counter when there are blocked items for a tab and then ScriptSafe is disabled
  • Improved Google Analytics (UTM) Tracking Removal to also strip out the utm_name parameter
  • Added Spanish locale (thank you Enrique Arróniz Ramos!)
  • Updated unwanted content providers list
  • Minor update to Swedish locale
  • Minor code optimizations

I have put together some documentation for ScriptSafe, including "Getting Started" instructions.

If you run into any issues, please create an issue in Github.

I am quite active on Twitter, so if you don't mind the occasional cat tweet, you are free to follow me: @andryou.

Thank you,
-Andrew

 

[antreas]

The next version will give the option to protect against phishing attempts
Add option to block data: URLs · Issue #157 · andryou/scriptsafe · GitHub

 

[antreas]

Hello,

What's changed from v1.0.9.0 to aid in beta testing:

• Added option to block Data URLs (data:text/html) to protect users against new phishing attacks (disabled by default) - #157 - test page: https://www.andryou.com/dataurltest.html
• Added the ability to set ScriptSafe's interface language (found at the top of the Options page) - #145
• Improved ScriptSafe panel scalability in terms of font size and screen resolution - #17
• Added option to show or hide the ScriptSafe context (right-click) menu - #162
• Fixed occasional panel loading issue when NOSCRIPT blocking is enabled - #159 + #163
• Added ability to manually add domains to fingerprint whitelists - #161
• Minor update to the Chinese - Simplified translation
• Updated unwanted content providers list
• Minor optimizations

You can find the zip file, more information and instructions here: v1.0.9.1 BETA - Available for Testing · Issue #166 · andryou/scriptsafe · GitHub

I hope to publish v1.0.9.1 before the end of this week, so I'd appreciate it if you can give this beta a quick drive whenever you get the chance

 

[antreas]

v1.0.9.1:

• Added option to block Data URLs (data:text/html) to protect users against new phishing attacks (disabled by default, found in "General Settings")
• Added the ability to set ScriptSafe's interface language (found at the top of the Options page)
• Improved ScriptSafe panel scalability in terms of font size and screen resolution
• Fixed occasional panel loading issue when NOSCRIPT blocking and Ratings are both enabled
• Added option to show or hide the ScriptSafe context (right-click) menu
• Added ability to manually add domains to fingerprint whitelists
• Minor update to the Chinese - Simplified translation
• Updated unwanted content providers list
• Minor optimizations